The U.S. power grid is in constant danger of a cyberattack that could cause widespread blackouts and impact millions of citizens, according to a new 492-page report from the Department of Energy that warns if nothing is done to protect the system, the nation likely will suffer.

“The U.S. grid faces imminent danger from cyberattacks,” the report, released Jan. 6, states. “Widespread disruption of electric service because of a transmission failure initiated by a cyberattack at various points of entry could undermine U.S. lifeline networks, critical defense infrastructure, and much of the economy; it could also endanger the health and safety of millions of citizens.”

The report, titled “Transforming the Nation’s Energy System,” notes that the electric grid in the 48 contiguous states is comprised of 21,500 substations and about 700,000 miles of power lines.

It points to the 2015 cyberattack on the Ukrainian electric grid as an example of what is possible in the U.S. That attack — the “most sophisticated cyber incident on a power system to date” – took out electricity for 225,000 customers “after malicious actors remotely manipulated circuit breakers across multiple facilities.”

One problem America faces, the report says, is that while cyberattacks are rapidly evolving, power grid officials are slow to deploy defensive measures.

“This gap is exacerbated by difficulties in addressing vulnerabilities in operational technologies that cannot easily be taken offline for upgrades, and the presence of significant legacy systems, as well as components that lack computing resources to incorporate new security fixes,” the report says.

For a fix to be successful, the report notes, it “must be implemented by the thousands of private companies that own and operate electricity infrastructure.”